remove unique index from IDToken's token field

[michaelhelvey]

Description of the Change

On MySQL 8.0 (and before, as far as I know) creating a unique TEXT index
will fail with err 1170 "BLOB/TEXT column 'token' used in key specification
without a key length"

This PR simply removes the invalid unique index.

Checklist

• PR only contains one change (considered splitting up PR)
• unit-test added (N/A for this change as far as I know)
• documentation updated (N/A for this change as far as I know)
• CHANGELOG.md updated (only for user relevant changes)
• author name in AUTHORS

[auvipy]

or should we move to uuid?

[michaelhelvey]

but isn't this value not actually a uuid, but a raw JWT (see the get_claims method on this class?), in which case a TextField is the appropriate type? Maybe I'm not understanding what this value does.

[fvlima]

this field needs to be a text field because that will be persisted a long string (the jwt token) on this, but, I think that independently of the database backend, it seems there is no reason for this field to be a unique field.

[fvlima]

but, in terms of security, I think that this token really needs to be unique. so every request will receive a valid response with a different valid token. in the token generation process, more information can be put to guarantee that uniqueness won't be invalid. I don't know, but I think that need another approach to resolve this problem for mysql backends

[CarlSchwan]

An idea would be to add an additional unique CharField that contains a hash of the token. So we can make sure it is really unique on an mysql backend.

[auvipy]

also check https://github.com/wiliamsouza/django-oauth-toolkit/pull/4/files

[fvlima]

The openid flow is already in the master through this PR jazzband#859. I think that this proposal fix here can be pointed to the master now